9138 matches found

Fedora
added 2018/03/30 1:31 p.m., 43 views

[SECURITY] Fedora 28 Update: libgit2-0.26.3-1.fc28

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

CVSS 6.5, AI score 2.4, EPSS 0.01903
Exploits 0

Fedora
added 2018/03/29 4:21 p.m., 33 views

[SECURITY] Fedora 27 Update: slf4j-1.7.25-4.fc27

The Simple Logging Facade for Java (SLF4J) is intended to serve as a simple facade for various logging APIs, allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL). Logging API...

CVSS 9.8, AI score 2.7, EPSS 0.15087
Exploits 0

Fedora
added 2018/03/29 3:54 p.m., 36 views

[SECURITY] Fedora 26 Update: slf4j-1.7.22-5.fc26

The Simple Logging Facade for Java (SLF4J) is intended to serve as a simple facade for various logging APIs, allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL). Logging API...

CVSS 9.8, AI score 2.7, EPSS 0.15087
Exploits 0

Imperva Blog
added 2018/03/28 3:30 p.m., 63 views

Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF

We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...

AI score 6.4
Exploits 0

NVD
added 2018/03/27 9:29 p.m., 26 views

CVE-2018-0733

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

CVSS 5.9, AI score 5.5, EPSS 0.08606
Exploits 0, References 14

Prion
added 2018/03/27 9:29 p.m., 20 views

Design/Logic Flaw

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

CVSS 4.3, AI score 5.9, EPSS 0.08606
Exploits 0, References 14, Affected Software 1

CVE
added 2018/03/27 9:0 p.m., 162 views

CVE-2018-0733

OpenSSL CVE-2018-0733 targets PA-RISC on HP-UX, where the PA-RISC CRYPTO_memcmp implementation is buggy and effectively compares only the least significant bit of each byte. This can allow forging messages to be accepted as authentic, reducing the effort needed for an attack. The vulnerability is...

CVSS 5.9, AI score 6, EPSS 0.08606
Exploits 0, References 14, Affected Software 1

CNVD
added 2018/03/27 12:0 a.m., 3 views

CloudBees Jenkins Gerrit Trigger Plugin Information Disclosure Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees, mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Gerrit Trigger Plugin is the use of...

CVSS 4.3, AI score 6.9, EPSS 0.00676
Exploits 0, References 1

OpenSSL
added 2018/03/27 12:0 a.m., 57 views

Vulnerability in OpenSSL - Incorrect CRYPTO_memcmp on HP-UX PA-RISC

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

AI score 6, EPSS 0.08606
Exploits 0, Affected Software 1

NVD
added 2018/03/26 6:29 p.m., 21 views

CVE-2014-2048

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation...

CVSS 9.8, AI score 9.4, EPSS 0.02739
Exploits 0, References 2

UbuntuCve
added 2018/03/26 6:29 p.m., 26 views

CVE-2014-2048

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation...

CVSS 9.8, AI score 7.2, EPSS 0.02739
Exploits 0, References 3

Cvelist
added 2018/03/26 6:0 p.m., 17 views

CVE-2014-2048

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation...

AI score 9.4, EPSS 0.02739
Exploits 0, References 2

OpenVAS
added 2018/03/26 12:0 a.m., 28 views

Debian: Security Advisory (DLA-1308-1)

The remote host is missing an update for the Debian...

CVSS 9.8, AI score 8.2, EPSS 0.08024
Exploits 3, References 3

Tenable Nessus
added 2018/03/23 12:0 a.m., 30 views

Virtuozzo 7 : readykernel-patch (VZA-2018-014)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that the implementation of ebtables in the kernel did not properly validate the offsets received fro...

CVSS 7.2, AI score 6.6, EPSS 0.00451
Exploits 0, References 9

Trend Micro Simply Security
added 2018/03/21 2:28 p.m., 50 views

Mapping the Journey to GDPR Compliance: Who’s got the wheel?

With so many different areas of the company involved in our journey to becoming compliant with the General Data Protection Regulation (GDPR) by May 25th, it was essential for us to have a strong program manager mapping our route. The GDPR enforces the idea that every company should be aware of...

AI score 6.8
Exploits 0

Carbon Black Blog
added 2018/03/20 5:59 p.m., 50 views

Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...

AI score 6.7
Exploits 0

CNVD
added 2018/03/20 12:0 a.m., 1 views

Linux kernel local elevation of privilege vulnerability (CNVD-2018-06116)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the bridge implementation of the 32-bit system call interface in Linux kernel version 4.x. An attacker could use this vulnerability ...

CVSS 7.2, AI score 7.6, EPSS 0.00451
Exploits 0, References 1

OSV
added 2018/03/19 12:13 p.m., 5 views

MGASA-2018-0171 Updated python-pycrypto packages fix security vulnerability

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...

CVSS 7.5, AI score 7.3, EPSS 0.0211
Exploits 1, References 5

Debian
added 2018/03/15 5:47 p.m., 33 views

[SECURITY] [DLA 1308-1] firefox-esr security update

Package : firefox-esr Version : 52.7.1esr-1deb7u1 CVE ID : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors ma...

CVSS 9.8, AI score 9.7, EPSS 0.08024
Exploits 3

OSV
added 2018/03/15 4:29 a.m., 1 views

DEBIAN-CVE-2017-18232

The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code...

CVSS 5.5, AI score 5.7, EPSS 0.00424
Exploits 0, References 1